Generation based on CAP_LAST_CAP, I hardcoded
capability.CAP_BLOCK_SUSPEND as last for systems which has no
/proc/sys/kernel/cap_last_cap
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: a559c1145af3162cd683866fd6f998ff5f57058f
Component: engine
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Add tests for mounting into /proc and /sys
These two locations should be prohibited from mounting volumes into
those destinations.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: f25bbedc85e8a99c1389dbe8f48436907ce24526
Component: engine
These files in /proc should not be able to be read as well
as written to.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Upstream-commit: a7a51306b1459a67da3a9cbbe8c9f80d3950c084
Component: engine
We can use this to control block IO weight of a container.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Upstream-commit: f133f11a7d25e6262558dd733afaa95ddd1c7aee
Component: engine
`lxc-stop` does not support sending arbitrary signals.
By default, `lxc-stop -n <id>` would send `SIGPWR`.
The lxc driver was always sending `lxc-stop -n <id> -k`, which always
sends `SIGKILL`. In this case `lxc-start` returns an exit code of `0`,
regardless of what the container actually exited with.
Because of this we must send signals directly to the process when we
can.
Also need to set quiet mode on `lxc-start` otherwise it reports an error
on `stderr` when the container exits cleanly (ie, we didn't SIGKILL it),
this error is picked up in the container logs... and isn't really an
error.
Also cleaned up some potential races for waitblocked test.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Upstream-commit: d2c4ee37c6a4114b33a915b7dae6de70e27e7965
Component: engine
The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.
Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: f42348e18f73d1d775d77ac75bc96466aae56d7c
Component: engine
To help avoid version mismatches between libcontainer and Docker, this updates libcontainer to be the source of truth for which version of logrus the project is using. This should help avoid potential incompatibilities in the future, too. 👍
Signed-off-by: Andrew "Tianon" Page <admwiggin@gmail.com>
Upstream-commit: 80a895142e7101b44ff71910bb2da994b1cc4f5f
Component: engine
Add cgroup support for disable OOM killer.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Upstream-commit: a4a924e1b6c50f0f02460489259d73468a6c282e
Component: engine
This also moves `exec -i` test to _unix_test.go because it seems to need a
pty to reliably reproduce the behavior.
Signed-off-by: Daniel, Dao Quang Minh <dqminh89@gmail.com>
Upstream-commit: ade8146aa82baa88bacdcf2d9c2559e8f47d71e4
Component: engine
Updates most of the instances of HTTP urls in the engine's
comments. Does not account for any use in the code itself,
documentation, contrib, or project files.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: ca37301d54e1525d4522dea266180072d4fd892b
Component: engine
Preventing the test execution to pollute the deterministic runtime environment
by seeding the global rand.Random.
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
Upstream-commit: c2c45d77691d1ca501a68d20885d040415477c92
Component: engine
